Resubmissions

  • 08-02-2024 19:01  240208-xpql5sbb94  (score 10)
  • 07-02-2024 09:01  240207-ky1r9afcd2  (score 10)

Analysis

  • max time kernel
    600s
  • max time network
    604s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-02-2024 19:01

General

  • Target

    2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker.exe

  • Size

    370KB

  • MD5

    e89be3c49a4a6b1bdfd5a75f4ba47ceb

  • SHA1

    e903d24265e56113706bfde379a6f2a6acb1851e

  • SHA256

    c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec

  • SHA512

    34a2049345596e810b5a72e8141a7ec233f95d7639c09beab8d21c06cef5a1b6490491e447e3564cbefce05cd5d58807e898985a49819ad49e84d1e056163d0b

  • SSDEEP

    6144:lHrjZhghBCLlsBxFJWCDA/tHHTdrXvdWgTO3x5N22vWvLRKKAX5l++SyVISD:BZhghBCMxFJWCE/tHz9/FT85I2vCMX5V

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Users\Admin\AppData\Local\Avywuixyxmexxtr.exe
      "C:\Users\Admin\AppData\Local\Avywuixyxmexxtr.exe" "-rC:\Users\Admin\AppData\Local\Temp\2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Users\Admin\AppData\Local\Avywuixyxmexxtr.exe
        "C:\Users\Admin\AppData\Local\Avywuixyxmexxtr.exe" -w11c
        3⤵
        • Executes dropped EXE
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Avywuixyxmexxtr.exe

    Filesize

    370KB

    MD5

    e89be3c49a4a6b1bdfd5a75f4ba47ceb

    SHA1

    e903d24265e56113706bfde379a6f2a6acb1851e

    SHA256

    c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec

    SHA512

    34a2049345596e810b5a72e8141a7ec233f95d7639c09beab8d21c06cef5a1b6490491e447e3564cbefce05cd5d58807e898985a49819ad49e84d1e056163d0b
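
Triage helper for the Processes and Downloads sections above. This is an added example, not part of the sandbox output or of any tool the report comes from. It checks the two things a responder would want to confirm from this report: that the dropped Avywuixyxmexxtr.exe carries the same SHA256 as the submitted sample (a self-copy, not a second-stage payload), and that the process tree shows the self-copy pattern: a child under AppData\Local started by a parent under Temp, with the parent's own path passed as an argument (the "-r<path>" line, which together with the "Deletes itself" signature on that process is read here, as an assumption, as the switch that removes the original), followed by the copy re-spawning itself with "-w11c". The ProcEvent layout, the Run value names (the report flags the Run key but does not give the value) and the benign OneDrive decoy are constructed for the example.

```python
import ntpath
import re
from dataclasses import dataclass

# Hashes copied from the report: submitted sample (General) vs dropped file (Downloads).
ORIGINAL_SHA256 = "c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec"
DROPPED_SHA256 = "c6a557f58591a6cb419bf81687d42c922fcc4dd870873d8692c78e88c71caaec"

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-02-07_e89be3c49a4a6b1bdfd5a75f4ba47ceb_cryptolocker.exe"
COPY = r"C:\Users\Admin\AppData\Local\Avywuixyxmexxtr.exe"


@dataclass
class ProcEvent:
    pid: int
    ppid: int        # 0 = parent not part of the captured tree
    image: str
    cmdline: str


# Constructed from the report's process tree; the event layout itself is an assumption.
EVENTS = [
    ProcEvent(1028, 0, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1212, 1028, COPY, f'"{COPY}" "-r{SAMPLE}"'),
    ProcEvent(2712, 1212, COPY, f'"{COPY}" -w11c'),
]

# Constructed stand-in for the "Adds Run key" signature: the report does not give the
# value name, so "Avywuixyxmexxtr" is hypothetical. The second value is a benign decoy
# that also lives under AppData\Local, to show why the check correlates with the tree
# instead of flagging every AppData path.
RUN_VALUES = {
    "Avywuixyxmexxtr": COPY,
    "OneDrive": r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
}


def argv(cmdline: str) -> list:
    """Split a Windows command line on whitespace while honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def is_self_copy(original_sha256: str, dropped_sha256: str) -> bool:
    """True when the dropped file is byte-identical to the submitted sample."""
    return original_sha256.lower() == dropped_sha256.lower()


def find_self_copy_launches(events):
    """Flag a child in %LOCALAPPDATA% started by a parent in %TEMP% when the parent's
    own path is handed to the child as an argument (the '-r<path>' line in the tree).
    The returned 'switch' is whatever prefixed that path, so the analyst sees '-r'."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if parent is None:
            continue
        child_dir = ntpath.dirname(ev.image).lower()
        parent_dir = ntpath.dirname(parent.image).lower()
        if not (child_dir.endswith(r"\appdata\local")
                and parent_dir.endswith(r"\appdata\local\temp")):
            continue
        for arg in argv(ev.cmdline)[1:]:
            pos = arg.lower().find(parent.image.lower())
            if pos != -1:
                hits.append({"pid": ev.pid, "ppid": parent.pid,
                             "image": ev.image, "switch": arg[:pos]})
    return hits


def find_respawns(events):
    """The same image re-launching itself with different arguments (the '-w11c' child)."""
    by_pid = {e.pid: e for e in events}
    out = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if parent is not None and parent.image.lower() == ev.image.lower():
            out.append({"pid": ev.pid, "ppid": parent.pid, "args": argv(ev.cmdline)[1:]})
    return out


def suspicious_run_values(run_values, events):
    """Run values whose data launches an image the tree shows was self-copied."""
    copied = {h["image"].lower() for h in find_self_copy_launches(events)}
    return {name: data for name, data in run_values.items()
            if any(img in data.lower() for img in copied)}


if __name__ == "__main__":
    print("dropped file is a self-copy:", is_self_copy(ORIGINAL_SHA256, DROPPED_SHA256))
    for h in find_self_copy_launches(EVENTS):
        print(f"self-copy launch: pid {h['pid']} from pid {h['ppid']}, switch {h['switch']!r}")
    for r in find_respawns(EVENTS):
        print(f"respawn: pid {r['pid']} from pid {r['ppid']} with args {r['args']}")
    print("Run values to pull:", suspicious_run_values(RUN_VALUES, EVENTS))
```

Run as a script it reports the one self-copy launch (PID 1212 from PID 1028, switch "-r"), the one respawn (PID 2712 with "-w11c") and only the Run value that points at the copied image. Correlating the Run value with the process tree, rather than flagging every AppData\Local path, is what keeps the OneDrive decoy out of the result; the same three checks transfer to other samples that drop a renamed copy of themselves and re-launch it.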